kern-ux/kern-labor-projekte/kern-ki-botThis dossier retains 931 exact component occurrences from 2 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:efce8eeb26af73ae7df23849ff19164513bc529b10097eb7e32bdcab39e805a3sha256:ca6464b90e58d5630aaf94c19188d53285e0f05d08253c2e0a294c173d40ed49npm:openai4.104.0 · 5.23.2npm:axios1.11.0 · 1.13.225 OSV records returnednpm:undici7.13.0 · 7.18.214 OSV records returnednpm:minimatch10.0.3 · 10.1.1 · 3.1.2 · 9.0.53 OSV records returnednpm:qs6.13.0 · 6.14.13 OSV records returnednpm:brace-expansion1.1.12 · 2.0.22 OSV records returnednpm:flatted3.3.32 OSV records returnednpm:js-yaml3.14.1 · 3.14.2 · 4.1.12 OSV records returnednpm:lodash4.17.212 OSV records returnednpm:markdown-it14.1.02 OSV records returnednpm:picomatch2.3.1 · 4.0.32 OSV records returnednpm:@isaacs/brace-expansion5.0.01 OSV record returnednpm:ajv6.12.61 OSV record returnednpm:diff5.2.01 OSV record returnednpm:follow-redirects1.15.111 OSV record returnednpm:form-data4.0.4 · 4.0.51 OSV record returnednpm:glob10.4.5 · 10.5.0 · 11.0.1 · 11.0.3 · 7.2.31 OSV record returnednpm:immutable5.1.41 OSV record returnednpm:jws3.2.21 OSV record returnednpm:linkify-it5.0.01 OSV record returnednpm:path-to-regexp0.1.121 OSV record returnednpm:postcss8.4.491 OSV record returnednpm:prismjs1.27.0 · 1.30.01 OSV record returnednpm:shell-quote1.8.31 OSV record returnednpm:smol-toml1.3.41 OSV record returnednpm:uuid11.1.0 · 8.3.2 · 9.0.11 OSV record returnednpm:yaml2.8.21 OSV record returnednpm:@azure/abort-controller2.1.2npm:@azure/core-auth1.10.0npm:@azure/core-client1.10.0npm:@azure/core-rest-pipeline1.22.0npm:@azure/core-tracing1.3.0npm:@azure/core-util1.13.0npm:@azure/identity4.10.2npm:@azure/logger1.3.0npm:@azure/msal-browser4.18.0npm:@azure/msal-common15.9.0npm:@azure/msal-node3.6.4npm:@babel/code-frame7.28.6npm:@babel/helper-validator-identifier7.28.5npm:@babel/runtime7.28.6npm:@emotion/is-prop-valid1.4.0npm:@emotion/memoize0.9.0npm:@emotion/unitless0.10.0npm:@eslint-community/eslint-utils4.9.1npm:@eslint-community/regexpp4.12.2npm:@eslint/eslintrc2.1.4npm:@eslint/js8.57.1npm:@floating-ui/core1.7.3npm:@floating-ui/dom1.7.4npm:@floating-ui/utils0.2.10npm:@gitbeaker/core43.8.0npm:@gitbeaker/requester-utils43.8.0npm:@gitbeaker/rest43.8.0npm:@humanwhocodes/config-array0.13.0npm:@humanwhocodes/module-importer1.0.1npm:@humanwhocodes/object-schema2.0.3npm:@isaacs/balanced-match4.0.1npm:@isaacs/cliui8.0.2npm:@jridgewell/gen-mapping0.3.13npm:@jridgewell/resolve-uri3.1.2npm:@jridgewell/sourcemap-codec1.5.5npm:@jridgewell/trace-mapping0.3.31npm:@kern-ux/native1.3.0npm:@mdx-js/react3.1.1npm:@nodelib/fs.scandir2.1.5npm:@nodelib/fs.stat2.0.5npm:@nodelib/fs.walk1.2.8npm:@npmcli/config8.3.4npm:@npmcli/git5.0.8npm:@npmcli/map-workspaces3.0.6npm:@npmcli/name-from-folder2.0.0npm:@npmcli/package-json5.2.1npm:@npmcli/promise-spawn7.0.2npm:@parcel/watcher2.5.4npm:@parcel/watcher-android-arm642.5.4npm:@parcel/watcher-darwin-arm642.5.4npm:@parcel/watcher-darwin-x642.5.4npm:@parcel/watcher-freebsd-x642.5.4npm:@parcel/watcher-linux-arm-glibc2.5.4npm:@parcel/watcher-linux-arm-musl2.5.4npm:@parcel/watcher-linux-arm64-glibc2.5.4npm:@parcel/watcher-linux-arm64-musl2.5.4npm:@parcel/watcher-linux-x64-glibc2.5.4npm:@parcel/watcher-linux-x64-musl2.5.4npm:@parcel/watcher-win32-arm642.5.4npm:@parcel/watcher-win32-ia322.5.4npm:@parcel/watcher-win32-x642.5.4npm:@pkgjs/parseargs0.11.0npm:@pkgr/core0.2.9npm:@tsconfig/docusaurus2.0.7npm:@types/concat-stream2.0.3npm:@types/debug4.1.12npm:@types/estree1.0.8npm:@types/estree-jsx1.0.5npm:@types/hast2.3.10 · 3.0.4npm:@types/is-empty1.2.3npm:@types/katex0.16.8npm:@types/mdast4.0.4npm:@types/mdx2.0.13npm:@types/ms2.1.0npm:@types/node18.19.121 · 22.19.6 · 24.2.0npm:@types/node-fetch2.6.13npm:@types/prismjs1.26.5npm:@types/react19.2.8npm:@types/react-dom19.2.3npm:@types/stylis4.2.7npm:@types/supports-color8.1.3npm:@types/unist2.0.11 · 3.0.3npm:@typescript-eslint/eslint-plugin7.18.0npm:@typescript-eslint/parser7.18.0npm:@typescript-eslint/scope-manager7.18.0npm:@typescript-eslint/type-utils7.18.0npm:@typescript-eslint/types7.18.0npm:@typescript-eslint/typescript-estree7.18.0npm:@typescript-eslint/utils7.18.0npm:@typescript-eslint/visitor-keys7.18.0npm:@typespec/ts-http-runtime0.3.0npm:@ungap/structured-clone1.3.0npm:abbrev2.0.0This page displays 120 of 714 ordered rows. The machine-readable dossier retains the complete exact projection.
LinkifyIt#match scan loop has quadratic algorithmic complexity
30 Jun 2026minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
28 Feb 2026flatted vulnerable to unbounded recursion DoS in parse() revive phase
17 Mar 2026ajv has ReDoS when using `$data` option
04 Mar 2026Undici has an HTTP Request/Response Smuggling issue
18 Mar 2026axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
12 Jun 2026undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
21 Jun 2026path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
08 Jul 2026markdown-it is has a Regular Expression Denial of Service (ReDoS)
18 Feb 2026axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
12 Jun 2026Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
08 May 2026minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
24 Feb 2026Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
28 Mar 2026Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
06 May 2026Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
08 May 2026Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
06 May 2026yaml is vulnerable to Stack Overflow via deeply nested YAML collections
27 Mar 2026Undici has CRLF Injection in undici via `upgrade` option
18 Mar 2026Axios is vulnerable to DoS attack through lack of data size check
04 Feb 2026Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0
06 May 2026glob CLI: Command injection via -c/--cmd executes matches with shell:true
04 Feb 2026Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
08 Jun 2026Axios: Header Injection via Prototype Pollution
06 May 2026qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
04 Mar 2026markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations
18 Jun 2026jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
05 Feb 2026Allocation of Resources Without Limits or Throttling in Axios
12 Jun 2026@isaacs/brace-expansion has Uncontrolled Resource Consumption
05 Feb 2026minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
28 Feb 2026auth0/node-jws Improperly Verifies HMAC Signature
04 Feb 2026axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
12 Jun 2026Picomatch has a ReDoS vulnerability via extglob quantifiers
28 Mar 2026lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
08 Jul 2026Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
18 Mar 2026brace-expansion: Zero-step sequence causes process hang and memory exhaustion
27 Mar 2026Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
20 May 2026undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching
21 Jun 2026Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
04 Feb 2026JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
29 Jun 2026Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
18 Jun 2026undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
21 Jun 2026form-data: CRLF injection in form-data via unescaped multipart field names and filenames
17 Jun 2026Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
12 Jun 2026brace-expansion: Large numeric range defeats documented `max` DoS protection
09 Jun 2026Axios: no_proxy bypass via IP alias allows SSRF
06 May 2026js-yaml has prototype pollution in merge (<<)
08 Jul 2026undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
21 Jun 2026Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter
12 Jun 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): KERN KI Chat-Bot Example — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-8658/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.